Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Assessment Beginning an Analysis Date by Jim Bowman.

Published byJulie Wilkinson Modified over 7 years ago

Similar presentations

Presentation on theme: "Risk Assessment Beginning an Analysis Date by Jim Bowman."— Presentation transcript:

1 Risk Assessment Beginning an Analysis Date by Jim Bowman

2 Background Goals Definitions Planned Evolution Risk Assessment
Overview Risks Assessments Scoring Background Goals Definitions Planned Evolution Date by Jim Bowman

3 Effective and efficient business operations
Risk Assessment Overview Risks Assessments Scoring Background Corporate fraud in the 1990’s led to a recognized need for Boards of Directors to provide reasonable assurance in achieving 3 objectives: Effective and efficient business operations Reliable financial reporting Compliance with laws and regulations Date by Jim Bowman

4 Background (Continued)
Risk Assessment Overview Risks Assessments Scoring Background (Continued) Controlling risks requires: A controlled environment/culture Risk Assessment Control Activities Information and Communication Monitoring Date by Jim Bowman

5 Improve Business Success
Risk Assessment Overview Risks Assessments Scoring Goals Reduce Risks Increase Confidence Improve Business Success Date by Jim Bowman

6 Risk – The possibility that something will go wrong
Risk Assessment Overview Risks Assessments Scoring Definitions Risk – The possibility that something will go wrong Assessment – The likelihood that the adverse event will happen and the impact it would have on the business Scoring – Prioritizing our attention to making improvements Date by Jim Bowman

7 Planned Evolution for Making a Risk Assessment:
Overview Risks Assessments Scoring Planned Evolution for Making a Risk Assessment: Step 1 Identify the universe of risks Step 2 Evaluate the effectiveness of controls Step 3 Determine how to monitor the risks Date by Jim Bowman

8 Planned Evolution (Continued)
Risk Assessment Overview Risks Assessments Scoring Planned Evolution (Continued) Assess the likelihood and potential negative impact if the adverse event occurred Step 4 Step 5 Prioritize needed improvements Step 6 Review and update the Risk Assessment monthly Date by Jim Bowman

9 1. Key Business Activities
Risk Assessment Overview Risks Assessments Scoring Identify the Universe of Risks from: 1. Key Business Activities 2. Prior Audits 3. Regulatory Requirements Date by Jim Bowman

10 1. Key Business Activities
Risk Assessment Overview Risks Assessments Scoring 1. Key Business Activities By Departments Department activities have risks Each job function has risks Clinical Risks Services, Products, Equipment, Personnel Research, Patient Privacy and Safety and Care Variances, Licenses, Accreditation Quality of Services, Performance Measures Proper Documentation Date by Jim Bowman

11 1. Key Business Activities, Continued
Risk Assessment Overview Risks Assessments Scoring 1. Key Business Activities, Continued Business Risks Billing, Revenue Cycle and Cost Reports Contracts and Leasing Arrangements Insurance Human Resources Policies and Procedures Information Technology and Security Organizational Risks Unique Governmental Requirements Tax Status Date by Jim Bowman

12 2. Prior Audits Risk Assessment Recent External Audits
Overview Risks Assessments Scoring 2. Prior Audits Recent External Audits Findings Management Responses Follow Up Corrective Actions Recent Internal Audits Findings and Corrective Actions “Hot Topics” Requiring Further Work Date by Jim Bowman

13 3. Regulatory Requirements
Risk Assessment Overview Risks Assessments Scoring 3. Regulatory Requirements Governmental Obligations and Requirements Laws and Rules that Regulate the Business Governmental Investigations into Fraud and Abuse Regulatory and Accreditation Standards Governmental Alerts and Bulletins Relevant Court Cases (Prosecution and Litigation) Sentencing Guidelines National Database of Healthcare Practioner Fraud and Abuse Date by Jim Bowman

14 3. Regulatory Requirements, Continued
Risk Assessment Overview Risks Assessments Scoring 3. Regulatory Requirements, Continued Other Resources OIG Work Plan OIG Compliance program Guidance OIG Supplemental Guidance Relevant Newspaper Headlines Information from Internet, Newsletters and Professional Organizations Date by Jim Bowman

15 Once the risk topics have been identified,
Risk Assessment Overview Risks Assessments Scoring Once the risk topics have been identified, List them within broad categories, such as: Sales and Marketing Providing Clinical Services Environmental Health and Safety Confidentiality and Privacy Records Management Human Resources Licensing, Registration, Certification, Accreditation Clinical Research Vendor Relations…or others as needed Date by Jim Bowman

16 Risk Assessment Overview Risks Assessments Scoring Please refer to the sample Risk Assessment Spreadsheet for this section. This section will focus on assessing risks by using the six spreadsheet columns to the right of each risk topic. Date by Jim Bowman

17 1. Obligation 2. Policy and Guidelines 3. Internal Controls
Risk Assessment Overview Risks Assessments Scoring 1. Obligation 2. Policy and Guidelines 3. Internal Controls 4. Control Adequacy 5. Audit/Monitoring 6. Follow Up Date by Jim Bowman

18 1. Obligation Risk Assessment
Overview Risks Assessments Scoring 1. Obligation Identify the Regulatory Obligation or Compliance Risk that must be met for each risk topic. Enter it into the spreadsheet. The Obligation should be a “positive” statement. An example is “Accurately promote products consistent with FDA approval.” A negative statement would be “Don’t violate FDA approved promotions.” Date by Jim Bowman

19 Risk Assessment Overview Risks Assessments Scoring 2. Policy and Guidelines List all Company Policies and Guidelines that refer to each of the risk topics. Enter those items into the spreadsheet for each risk topic. Date by Jim Bowman

20 Risk Assessment Overview Risks Assessments Scoring 3. Internal Controls Identify all Internal Controls for each risk topic. Internal Controls are documentation that include training materials, signed training completion certifications, policies, procedures, completed checklists and forms, etc. Enter all Controls into the spreadsheet for each risk topic. Date by Jim Bowman

21 Risk Assessment Overview Risks Assessments Scoring 4. Control Adequacy Evaluate the Controls for their adequacy in preventing risks. At this point, the Controls are either Adequate or Needs Improvement. Enter either Adequate or Needs Improvement into the spreadsheet for each risk topic. Date by Jim Bowman

22 Risk Assessment Overview Risks Assessments Scoring 5. Audit/Monitoring List all documented forms of auditing and/or monitoring that tests the effectiveness of each Control in preventing risk. Enter all of the audits or monitors into the spreadsheet for each risk topic. Date by Jim Bowman

23 Risk Assessment Overview Risks Assessments Scoring 6. Follow Up Describe what Follow Up should be done for each risk topic whose Control was Needs Improvement. Enter the Follow Up work into the spreadsheet for each risk topic. Date by Jim Bowman

24 Risk Assessment Overview Risks Assessments Scoring At this point, there should be a number of risk topics that require Follow Up. The next step will be to prioritize Follow Up work to the topics with the most risk. In order to do this, Scoring each Risk that Needs Improvement must be done. Date by Jim Bowman

25 Scoring the Risk Topics is based on:
Risk Assessment Overview Risks Assessments Scoring Scoring the Risk Topics is based on: 1. Likelihood 2. Impact The results of the Scoring will be used to prioritize Follow Up work based on the severity of risk to the business. Date by Jim Bowman

26 Risk Assessment Overview Risks Assessments Scoring Scoring involves quantifying the relative magnitude of risk based on past occurrences and the potential negative impact on the business. A particular risk topic may have either a high or low likelihood of occurring. Similarly, a risk may have either a high or low negative impact on the business. Date by Jim Bowman

27 Risk Assessment Overview Risks Assessments Scoring Obviously, a risk that has a high likelihood and a high impact should receive our foremost attention. Similarly, a risk that has a low likelihood and a low impact does not require such a high level of attention. Date by Jim Bowman

28 Risk Assessment Overview Risks Assessments Scoring Risk Scoring can yield results that can be displayed on a diagram such as this: A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

29 Risk Assessment Overview Risks Assessments Scoring Quadrant #1 shows risk topics that scored both High Likelihood and High Impact: A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

30 Risk Assessment Overview Risks Assessments Scoring Quadrant #2 shows risk topics that scored a Low Likelihood and High Impact: A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

31 Risk Assessment Overview Risks Assessments Scoring Quadrant #3 shows risk topics that scored a High Likelihood and Low Impact: A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

32 Risk Assessment Overview Risks Assessments Scoring Quadrant #4 shows risk topics that scored a Low Likelihood and Low Impact: A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

33 Risk Assessment Overview Risks Assessments Scoring The numerical sequence of quadrants guides our priority in addressing risks. A B C D E F G H Impact Likelihood HIGH, HIGH 3 1 HIGH, LOW 2 4 LOW, LOW LOW, HIGH Date by Jim Bowman

34 We will look at each scoring block.
Risk Assessment Overview Risks Assessments Scoring Now, let us determine a Likelihood and an Impact score for each risk topic. In the accompanying sample spreadsheet, for each risk topic there are five Likelihood scoring blocks and four Impact scoring blocks. We will look at each scoring block. Date by Jim Bowman

35 Likelihood Risk Assessment Occurrence of past errors a. No = 0
Overview Risks Assessments Scoring Likelihood Occurrence of past errors a. No = 0 b. Yes (minor) = 2 c. Yes (many) = 4 Date by Jim Bowman

36 Likelihood Risk Assessment Degree of complexity of the process
Overview Risks Assessments Scoring Likelihood Degree of complexity of the process a. Not complex = 0 b. Somewhat complex = 2 c. Very complex = 4 Date by Jim Bowman

37 Likelihood Risk Assessment Degree of Manual versus Automated
Overview Risks Assessments Scoring Likelihood Degree of Manual versus Automated a. Automated = 0 b. Somewhat automated = 2 c. Manual = 4 Date by Jim Bowman

38 Likelihood Risk Assessment
Overview Risks Assessments Scoring Likelihood Stability or degree of changes in people, systems and processes a. No changes, stable = 0 b. Some changes, somewhat unstable = 2 c. Many changes, very unstable, or new = 4 Date by Jim Bowman

39 Likelihood Risk Assessment
Overview Risks Assessments Scoring Likelihood Effectiveness of controls, as demonstrated in past audits and monitors a. Good = 0 b. Not audited = 2 c. Needs Improvement = 4 Date by Jim Bowman

40 Risk Assessment Overview Risks Assessments Scoring Likelihood When you add the five Likelihood scores together, a sum greater than 7 is considered to be High Likelihood. Enter the Likelihood scores and total into the spreadsheet. Date by Jim Bowman

41 Impact Risk Assessment Frequency and volume of transaction
Overview Risks Assessments Scoring Impact Frequency and volume of transaction a. Small = 0 b. Medium = 3 c. Large = 5 Date by Jim Bowman

42 Impact Risk Assessment Direct impact on regulatory requirements
Overview Risks Assessments Scoring Impact Direct impact on regulatory requirements a. No regulatory requirement = 0 b. Regulatory requirement = 5 Date by Jim Bowman

43 Impact Risk Assessment
Overview Risks Assessments Scoring Impact Range of possible loss of revenue (fines, lost business, litigation) a. No loss = 0 b. Minimal refund = 2 c. Systemic issue, large refund = 4 d. Large refund and penalties or fines = 6 Date by Jim Bowman

44 Impact Risk Assessment Reportable to the government a. No = 0
Overview Risks Assessments Scoring Impact Reportable to the government a. No = 0 b. Yes = 5 Date by Jim Bowman

45 Risk Assessment Overview Risks Assessments Scoring Impact When you add the four Impact scores together, a sum greater than 10 is considered to be High Impact. Enter the Impact scores and total into the spreadsheet. Date by Jim Bowman

46 Risk Assessment Overview Risks Assessments Scoring Next Steps The objective of a Risk Assessment is not to simply make an Audit Plan, but to make the business better by improving the weaknesses. A report of the Risk Assessment findings and a strategic plan to address the highest priorities should be made into a Compliance Work Plan. Date by Jim Bowman

47 Next Steps The Compliance Work Plan should include: Risk Assessment
Overview Risks Assessments Scoring Next Steps The Compliance Work Plan should include: The results of the Risk Assessment A list of the highest priority risk topics A strategic plan for follow up work Monthly review of the Risk Assessment Add new risk topics as they arise Date by Jim Bowman

Download ppt "Risk Assessment Beginning an Analysis Date by Jim Bowman."

Similar presentations

1 Documentation Legal Framework Air Navigation Orders Guidelines ATS Manual Airport Manual Safety Management Manual ICAO Annexes Licenses / Certificates.

1 Documentation Legal Framework Air Navigation Orders Guidelines ATS Manual Airport Manual Safety Management Manual ICAO Annexes Licenses / Certificates.
1 Regulation. 2 Organisational separation 3 Functional Separation.

1 Regulation. 2 Organisational separation 3 Functional Separation.
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Control and Accounting Information Systems

Control and Accounting Information Systems
STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.
Internal Control.

Internal Control.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Risk-Focused Examinations David Vacca, Assistant Director – Insurance Analysis & Information Services, NAIC Welcome to the © 2009 The National Association.

Risk-Focused Examinations David Vacca, Assistant Director – Insurance Analysis & Information Services, NAIC Welcome to the © 2009 The National Association.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Purpose of the Standards

Purpose of the Standards
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Control and Accounting Information Systems

Control and Accounting Information Systems
An Educational Computer Based Training Program CBTCBT.

An Educational Computer Based Training Program CBTCBT.

Similar presentations

Ads by Google